Guide to Network Defense and Countermeasures Second Edition Chapter 11 Strengthening and Managing Firewalls.

1 Guide to Network Defense and Countermeasures Second Edition Chapter 11 Strengthening and Managing Firewalls

2 Objectives
Manage firewalls to improve security
Describe the most important issues in managing firewalls
Know how to install and configure Check Point NG
Know how to install and configure Microsoft ISA Server 2000
Know how to manage and configure Iptables for Linux

3 Managing Firewalls to Improve Security
Poor management affects the network's
– Security
– Throughput
– Disaster recovery
Administrative tasks
– Editing the rule base according to the security policy
– Managing firewall log files
– Improving firewall performance
– Configuring advanced firewall functions

4 Editing the Rule Base
One of the best ways to improve security and performance
Keep the following guidelines in mind
– Make sure the most important rules are near the top of the rule base
– Make sure you don't make the firewall do more logging than it has to
– Reduce the number of domain objects in the rule base
– Keep rules that cover domain objects near the bottom of the rule base

5 Editing the Rule Base (continued)
Reducing rules
– Remove unnecessary rules
– Keep the number of rules to a minimum
Reordering and editing rules
– Keep the most frequently matched rules near the top
– Scan log files to find commonly used services
– Reduce the number of rules with Log as the action
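The two slides above say to move frequently matched rules up and to cut the number of logging rules, but a rule base is order-sensitive: moving an accept rule above a deny rule that covers the same traffic changes the policy. The following added example (not from the textbook; the rule format, the addresses and the hit counts are all constructed) reorders rules by hit count only where no packet could match both the moving rule and the one it would pass, or where both rules would do the same thing anyway, and it lists the rules whose action is Log so they can be reviewed.

```python
"""Rule-base optimiser (added example, not from the textbook).

Implements two guidelines from the slides:
  * keep the most frequently matched rules near the top, but only where
    moving a rule cannot change which rule a packet matches first;
  * report rules whose action is Log so their number can be reduced.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional


@dataclass
class Rule:
    name: str
    src: str            # source network in CIDR notation
    dst: str            # destination network in CIDR notation
    proto: str          # "tcp", "udp", "icmp" or "any"
    port: Optional[int]  # destination port, None = any port
    action: str         # "accept", "deny" or "log"
    hits: int           # matches counted in the log over the review period


def overlaps(a: Rule, b: Rule) -> bool:
    """True if some packet could match both rules, so their order matters."""
    if not ip_network(a.src).overlaps(ip_network(b.src)):
        return False
    if not ip_network(a.dst).overlaps(ip_network(b.dst)):
        return False
    if "any" not in (a.proto, b.proto) and a.proto != b.proto:
        return False
    if a.port is not None and b.port is not None and a.port != b.port:
        return False
    return True


def can_swap(upper: Rule, lower: Rule) -> bool:
    """Moving `lower` above `upper` is safe only when no packet can match both,
    or when both rules apply the same action to it."""
    return not overlaps(upper, lower) or upper.action == lower.action


def reorder(rules: List[Rule]) -> List[Rule]:
    """Insertion pass: a rule climbs past its predecessor while the predecessor
    has fewer hits and the swap cannot change the policy. A rule it may not
    pass (an overlapping rule with a different action) stops the climb."""
    out = list(rules)
    for i in range(1, len(out)):
        j = i
        while j > 0 and out[j].hits > out[j - 1].hits and can_swap(out[j - 1], out[j]):
            out[j - 1], out[j] = out[j], out[j - 1]
            j -= 1
    return out


def logging_rules(rules: List[Rule]) -> List[str]:
    """Names of rules whose action is Log, candidates for reduction."""
    return [r.name for r in rules if r.action == "log"]


# Constructed sample rule base; addresses are documentation ranges.
SAMPLE = [
    Rule("deny-mgmt-from-dmz", "192.0.2.0/24", "10.0.0.0/24", "any", None, "deny", 12),
    Rule("log-icmp", "0.0.0.0/0", "0.0.0.0/0", "icmp", None, "log", 40),
    Rule("allow-web", "0.0.0.0/0", "10.0.1.10/32", "tcp", 80, "accept", 9800),
    Rule("allow-mail", "0.0.0.0/0", "10.0.1.20/32", "tcp", 25, "accept", 1500),
    Rule("allow-dmz-dns", "192.0.2.0/24", "10.0.0.53/32", "udp", 53, "accept", 3000),
    Rule("cleanup-deny", "0.0.0.0/0", "0.0.0.0/0", "any", None, "deny", 700),
]

if __name__ == "__main__":
    for r in reorder(SAMPLE):
        print(f"{r.hits:>6}  {r.action:<6}  {r.name}")
    print("logging rules:", logging_rules(SAMPLE))
```

Running it moves the busy web and mail rules to the top, but leaves `allow-dmz-dns` below `deny-mgmt-from-dmz` (the deny rule covers the DNS server's address, so the accept rule may not pass it) and keeps the cleanup rule last.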

8 Managing Log Files
Deciding what to log
– Some firewalls log only packets subject to a rule with a Deny action
– Kinds of log files
  Security log
  System log
  Traffic log
  Active log (Check Point NG)
  Audit log (Check Point NG)
– Some firewalls have a GUI interface to manage log files

11 Managing Log Files (continued)
Configuring the log file format
– Many firewalls generate log files in plain text
– Sophisticated firewalls save log files in different formats
  Native format
  Open Database Connectivity (ODBC) format
  W3C Extended format
– Editing and reconfiguring log file formats improves firewall efficiency

12 Managing Log Files (continued)
Configuring the log file format
– Review log files regularly
– General steps for reviewing log files
  Review a summary of recent log file events
  Display raw data in the form of a report
  Review the data and identify traffic patterns that point to problems with the firewall rules
  Adjust the rules accordingly
  Review subsequent log file data
– Log files can indicate signatures of attack attempts

13 Managing Log Files (continued)
Preparing log file summaries and generating reports
– Log summary
  Shows major events over a period of time
  Summaries are not reports
  Contain raw data that can be used to create reports
– Some firewalls contain log file analysis tools
  Viewing raw data can be tedious and prone to errors
– Reports
  Display data in an easy-to-read format
  Help you sort your data
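Slides 11 to 13 describe plain-text logs, the review steps (summary first, then a report, then look for traffic patterns) and the difference between a summary and a report. The following added example (not from the textbook or any firewall vendor) is a small review tool for that workflow: it parses a constructed plain-text log format, skips malformed lines, builds a summary of events by action, the most used services (useful when deciding which rules belong near the top) and the most denied sources, and flags one pattern a reviewer would want surfaced, a single source denied on many distinct destination ports. Every address and line in `SAMPLE_LOG` is constructed.

```python
"""Firewall log review (added example; not from the textbook).

Parses plain-text firewall log lines, builds the kind of summary the slides
describe, renders it as a short report, and flags a pattern worth a closer
look: one source denied on many distinct destination ports.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed format: "<date> <time> <ACTION> <proto> <src>:<sport> -> <dst>:<dport> <iface>"
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>ACCEPT|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<iface>\S+)$"
)

# Constructed sample log; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-01 10:00:01 ACCEPT tcp 198.51.100.7:40001 -> 10.0.1.10:80 eth0
2024-03-01 10:00:02 ACCEPT tcp 198.51.100.8:40002 -> 10.0.1.10:80 eth0
2024-03-01 10:00:03 ACCEPT tcp 198.51.100.9:40003 -> 10.0.1.10:443 eth0
2024-03-01 10:00:04 ACCEPT udp 10.0.0.15:5353 -> 10.0.0.53:53 eth1
2024-03-01 10:00:05 ACCEPT tcp 198.51.100.7:40004 -> 10.0.1.20:25 eth0
2024-03-01 10:00:06 DENY tcp 203.0.113.5:51234 -> 10.0.1.10:22 eth0
2024-03-01 10:00:06 DENY tcp 203.0.113.5:51235 -> 10.0.1.10:23 eth0
2024-03-01 10:00:06 DENY tcp 203.0.113.5:51236 -> 10.0.1.10:3389 eth0
2024-03-01 10:00:07 DENY tcp 203.0.113.5:51237 -> 10.0.1.10:445 eth0
2024-03-01 10:00:07 DENY tcp 203.0.113.5:51238 -> 10.0.1.10:1433 eth0
2024-03-01 10:00:08 DENY udp 192.0.2.44:1024 -> 10.0.1.10:161 eth0
this line is truncated and must not crash the parser
2024-03-01 10:00:09 ACCEPT tcp 198.51.100.10:40005 -> 10.0.1.10:80 eth0
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize(events: List[Dict[str, str]], top_n: int = 3) -> dict:
    """The 'summary of recent events' step: counts rather than raw lines."""
    by_action = Counter(e["action"] for e in events)
    services = Counter(f'{e["proto"]}/{e["dport"]}' for e in events if e["action"] == "ACCEPT")
    denied_src = Counter(e["src"] for e in events if e["action"] == "DENY")
    return {
        "total": len(events),
        "by_action": dict(by_action),
        "top_services": services.most_common(top_n),
        "top_denied_sources": denied_src.most_common(top_n),
    }


def probing_sources(events: List[Dict[str, str]], min_ports: int = 5) -> List[str]:
    """Sources denied on at least `min_ports` distinct destination ports: the
    kind of traffic pattern a log review should surface for follow-up."""
    ports = defaultdict(set)
    for e in events:
        if e["action"] == "DENY":
            ports[e["src"]].add(e["dport"])
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def report(text: str) -> str:
    """Render the summary in an easy-to-read form (the 'report' step)."""
    events = parse_log(text)
    s = summarize(events)
    acc, den = s["by_action"].get("ACCEPT", 0), s["by_action"].get("DENY", 0)
    lines = [f"events: {s['total']}  accept: {acc}  deny: {den}"]
    lines.append("most used services: " + ", ".join(f"{svc} ({n})" for svc, n in s["top_services"]))
    lines.append("most denied sources: " + ", ".join(f"{src} ({n})" for src, n in s["top_denied_sources"]))
    for src in probing_sources(events):
        lines.append(f"review: {src} was denied on 5 or more distinct ports")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The summary is what you scan first; the `review:` lines are the step where a pattern in the data sends you back to the rule base or to an incident process, and the service counts feed the reordering guideline on slide 5.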

17 Improving Firewall Performance
The firewall might be performing unnecessary operations
– Host lookups
– Decryption
– Logging
Choose a machine with the fastest CPU for the firewall
Calculating memory requirements
– 512 MB to 1 GB of available RAM is preferred
– Cache memory: [100 MB + (0.5 x number of users)]

18 Improving Firewall Performance (continued)
Testing the firewall
– Test it before and after it goes online
– Ideal testing environment: a lab with two computers
  One connected to the external interface
  Another connected to the internal interface

19 Configuring Advanced Firewall Functions
Advanced features
– Data caching
– Remote management
– Application filtering
– Voice protocol support
– Authentication
– Time-based access scheduling
Load sharing
– Configure firewalls to share the total traffic load

21 Installing and Configuring Check Point NG
Check Point NG
– An enterprise-level firewall
To plan for the installation, answer these questions
– Is the firewall on the outside of the DMZ, or does it protect one part of the internal network from another part?
– How important is it to monitor employees' activities on the network?

22 Installing Check Point Modules
OS requirements
– Windows 2000 Professional or Server, or later
– Windows NT with Service Pack 4 or later
– Sun Solaris 7 or later
– Red Hat Linux 6.2 or later
Component
– Part of an application that performs a specific range of functions

23 Installing Check Point Modules (continued)
Check Point components
– Check Point Management Server
– Policy Editor
– VPN/FireWall
– Log Viewer
– Inspection
Open Platform for Security (OPSEC)
– Protocol used by Check Point NG to integrate with other security products

24 Installing Check Point Modules (continued)
Step 1: Preparing to install Check Point NG
– Determine where the program will be installed
– Pick a directory on a standalone server
  C:\WINNT is the default location
  If you use a different directory, include a FWDIR variable
– Enable IP forwarding on the host computer
– Go to the Check Point User Center
  Obtain a license key to use the software
  Add the license in Check Point NG

26 Installing Check Point Modules (continued)
Step 2: Select Check Point modules to install
– Choose between
  Server/Gateway Components
  Mobile/Desktop Components
– Decide what product to install
  Enterprise Primary Management or Enterprise Secondary Management
  Enforcement Module & Primary Management
  Enforcement Module
– Select which Management Client you want to install

27 Installing Check Point Modules (continued)
Step 3: Configuring Network Objects
– The firewall will protect these objects
– Smart management interfaces
  SmartDashboard
  SmartView Tracker
– Network Objects Manager
  GUI tool included in SmartDashboard
  Easiest way to define network objects
– Objects you will most likely use
  Check Point Gateway and Node

30 Installing Check Point Modules (continued)
Step 4: Creating filter rules
– Develop a set of packet-filtering rules
  Called "Policy Packages" in Check Point
– Create separate rules for different parts of the network

32 What's New in Check Point NGX
Includes improved security and management capabilities
– Centralized management for an organization's perimeter, internal, and Web security needs
– Enforces VPN rules by direction (inbound or outbound)
– Support for backup links
Backward compatibility for older authentication schemes

33 Installing and Configuring Microsoft ISA Server 2000
Microsoft ISA Server 2000
– Firewall designed to protect business networks
– Performs a variety of proxy server functions
Select the version of ISA Server 2000 you want
– Standard Edition
– Enterprise Edition

35 Licensing ISA Server 2000
Obtain a license to use ISA Server 2000 on a permanent basis
It is licensed on a per-processor basis
– You need to purchase a license for each processor on the host
– You can use as many clients as needed

36 Installing ISA Server 2000
Step 1: Choosing a server mode
– Determines the features the firewall offers
– Modes
  Firewall
  Cache
  Integrated

38 Installing ISA Server 2000 (continued)
Step 2: Configuring cache locations and setting addresses
– Cached Web pages need to be stored on an NTFS-formatted drive
– Create a local address table (LAT)
  Defines your network's internal addressing scheme
– Identify the network adapter of the host computer

41 Configuring ISA Server 2000
Step 3: Creating a rule base from your security policy
– ISA Server 2000's Getting Started Wizard
  Helps you create the rule base derived from your security policy
  Runs in the ISA Management Console
– ISA Server is designed to integrate with Microsoft Active Directory

43 Configuring ISA Server 2000 (continued)
Step 4: Selecting policy elements
– Types of policy elements
  Schedules
  Bandwidth priorities
  Destination sets
  Client address sets
  Protocol definitions
  Content groups
  Dial-up entries

45 Monitoring the Server
ISA Server Performance Monitor
– Used for real-time monitoring of the server
– Allows you to view alerts as soon as they are issued
– You need to set up counters
  Keep track of the number of active connections currently forwarding data on the network

47 What is New in ISA Server 2004

48 Managing and Configuring Iptables
Iptables
– Configures packet filter rules for the Linux firewall, Netfilter
– Replaces ipchains
– Enables Netfilter to perform stateful packet filtering
– Can filter packets based on a full set of TCP option flags
– Iptables is a command-line tool
Rules are grouped in the form of chains
– A rule in one chain can activate a specific rule in another chain

49 Built-in Chains
Iptables comes with three built-in chains
– Output
– Input
– Forward
Packet-handling decisions
– Accept
– Drop
– Queue
– Return

51 Built-in Chains (continued)
Configure the default action for a chain with -P
Example: iptables -P OUTPUT ACCEPT
You can configure more specific actions on a case-by-case basis

53 User-Defined Chains
Commands for configuring individual rules
– -A chain rule: Adds a new rule to the chain
– -I chain rule-number rule: Enables you to place a new rule in a specific location in the chain
– -R chain rule-number rule: Enables you to replace a rule
– -D chain rule-number: Deletes the rule at the position specified by rule-number
– -D chain rule: Deletes a rule

54 User-Defined Chains (continued)
Options used to create rules
– -s source: Identifies the source IP address
– -d destination: Identifies the destination IP address
– -p protocol: Identifies the protocol to be used in the rule (such as TCP, UDP, ICMP)
– -i interface: Identifies the network interface the rule uses
– -j target: Identifies the action associated with the rule
– !: Negates whatever follows it
– -l: Activates logging if a packet matches the rule
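Slides 49 to 54 list the built-in chains, the `-P` default policy and the per-rule options. The following added example (not from the textbook or the iptables project) puts them together as a small Python generator for a host firewall: default-deny on INPUT and FORWARD, accept on OUTPUT, a stateful rule for return traffic, an anti-spoofing rule that uses `!` to negate `-s`, SSH restricted to a management network, and a rate-limited LOG rule before the policy drop. Logging here uses the `LOG` target through `-j`, with the `limit` match so that logging cannot itself become the performance drain slide 17 warns about. The networks and interface names are constructed; the script prints the commands by default and only executes them (which needs root and iptables) when `dry_run` is false.

```python
"""iptables rule-set generator (added example; not from the textbook).

Builds the iptables command lines for a simple default-deny host policy,
renders them shell-safe for review, and can apply them.
"""
import shlex
import subprocess
from typing import List, Optional

MGMT_NET = "10.0.0.0/24"          # constructed: admin hosts allowed to SSH in
LAN_NET = "10.0.0.0/8"            # constructed: legitimate sources on the LAN side
WAN_IF, LAN_IF = "eth0", "eth1"   # constructed interface names


def build_rules(mgmt_net: str = MGMT_NET, lan_net: str = LAN_NET,
                wan_if: str = WAN_IF, lan_if: str = LAN_IF) -> List[List[str]]:
    """Return the iptables commands in the order they must be applied."""
    ipt = "iptables"
    return [
        [ipt, "-F"],                                  # flush so re-running is idempotent
        [ipt, "-P", "INPUT", "DROP"],                 # -P sets the chain's default action
        [ipt, "-P", "FORWARD", "DROP"],
        [ipt, "-P", "OUTPUT", "ACCEPT"],
        [ipt, "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        # stateful: replies to connections this host started (conntrack match)
        [ipt, "-A", "INPUT", "-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        # anti-spoofing: "!" negates the -s match, so packets arriving on the LAN
        # interface without an internal source address are dropped first
        [ipt, "-A", "INPUT", "-i", lan_if, "!", "-s", lan_net, "-j", "DROP"],
        # SSH only from the management network
        [ipt, "-A", "INPUT", "-p", "tcp", "--dport", "22", "-s", mgmt_net, "-j", "ACCEPT"],
        # web service reachable from the WAN interface
        [ipt, "-A", "INPUT", "-i", wan_if, "-p", "tcp", "--dport", "80", "-j", "ACCEPT"],
        # everything else: log (rate-limited) and fall through to the INPUT policy, DROP
        [ipt, "-A", "INPUT", "-m", "limit", "--limit", "5/min", "-j", "LOG", "--log-prefix", "FW-DROP: "],
    ]


def render(rules: List[List[str]]) -> str:
    """Shell-safe text of the rule set, for review or saving as a script."""
    return "\n".join(shlex.join(cmd) for cmd in rules)


def default_policy(rules: List[List[str]], chain: str) -> Optional[str]:
    """Look up the -P policy the rule set gives a built-in chain."""
    for cmd in rules:
        if len(cmd) >= 4 and cmd[1] == "-P" and cmd[2] == chain:
            return cmd[3]
    return None


def apply_rules(rules: List[List[str]], dry_run: bool = True) -> int:
    """Print the commands (dry run) or execute them; applying needs root."""
    for cmd in rules:
        if dry_run:
            print(shlex.join(cmd))
        else:
            subprocess.run(cmd, check=True)
    return len(rules)


if __name__ == "__main__":
    apply_rules(build_rules(), dry_run=True)
```

Order matters exactly as on slide 4: the conntrack and anti-spoofing rules sit above the service rules, and the LOG rule is last so that only traffic nothing else accepted is logged before the chain's DROP policy takes effect. To insert a rule at a given position later, `-I INPUT <rule-number> ...` from slide 53 is the command to use instead of `-A`.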

55 Summary
Improving firewall configuration involves optimizing
– The rule base
– Log files
Log files provide critical information about
– Network traffic
– Attempts to attack
Firewalls can generate log files in different formats
Fine-tune your firewall to log only the information you actually need
Some firewalls include log file analysis tools

56 Summary (continued)
Basic firewall functions
– Host lookup
– Encryption/decryption
– Logging
The machine hosting the firewall should have
– The fastest processor available
– At least the minimum required RAM
– Cache memory
Test your firewall before it goes online

57 Summary (continued)
Check Point NG
– Suite of firewall modules
– Used to implement a security policy
Microsoft ISA Server 2000
– Improves network security through traditional filtering and NAT
Iptables
– Linux command-line tool for creating packet filtering rules
